Closed Bug 860925 Opened 12 years ago Closed 10 years ago

Potential memory leaks on managing certificate using dupcert and CERT_AddCertToListTail

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: cviecco, Unassigned)

References

Details

There are two places within nsIdentityChecking.cpp where the idiom: CERT_AddCertToListTail(certList, CERT_DupCertificate($SOMECERT)); is used. This is problematic as there is no garantee that CERT_DupCertificate will actually succeed, further if the CERT_AddCertToListTail call fails there is no way do delete the temporary cert.
(In reply to Camilo Viecco (:cviecco) from comment #0) > This is problematic as there is no garantee that CERT_DupCertificate will > actually succeed You can rely on CERT_DupCertificate to always succeed. I have verified this before with the NSS team. > further if the CERT_AddCertToListTail call fails there is > no way do delete the temporary cert. Yes, this is a problem.
It doesn't look like this pattern exists anywhere within PSM anymore. AFAICT Bug 975229 removed most, if not all instances of this pattern: https://hg.mozilla.org/mozilla-central/diff/b3ebf7675c7b/security/certverifier/ExtendedValidation.cpp etc
Status: NEW → RESOLVED
Closed: 10 years ago
Depends on: 975229
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.